Monday, June 18, 2012


Local, unfortunately. And a discussion point for my Business Continuity class...
"I am the IT Manager for Shambhala Mountain Center, near Red Feather Lakes, Colorado. We are in the pre-evacuation area for the High Park Fire. What is the best way to load 50+ workstations, 6 servers, IP phones, networking gear, printers and wireless equipment into a 17-foot U-Haul? We have limited packing supplies. We also need to spend as much time as possible working with the fire crew on fire risk mitigation."


The Intro to Business class should teach: “Leave no potential source of revenue unexplored.” That does not mean you should keep it secret.
By Dissent, June 17, 2012
There are so many complaints and lawsuits following breaches that I long ago gave up on mentioning them all. But Kristen Stewart of the Salt Lake Tribune reports on one complaint that I found particularly interesting:
When University of Utah health law professor Leslie Francis learned her name and Social Security number had been exposed in the state’s Medicaid breach, she decided to do what any scholar might do — investigate.
She deduced that, like the majority of breach victims, her information was sent to the Utah Department of Health by a provider inquiring whether she was covered by Medicaid.
That was a surprise, because she is insured through her employer and none of her providers had declared in privacy notices that they may bill Medicaid. What’s more, when she asked the hospital she believes is at fault to “fess up” — citing the Health Insurance Portability and Accountability Act (HIPAA) — the hospital refused, citing the same law.
The professor went on to file complaints with HHS, OCR, and the FTC. Read more on Salt Lake Tribune.


When your programmers say, “I've got this really simple idea for a coding scheme...” BEWARE!
Kayak.com investigates after customer discovers security breach
June 18, 2012 by admin
Dylan C. Robertson reports:
Kevin Hunt travels whenever he finds time off and a good deal. So when his credit statement listed Kayak.com, he went to the travel booking site to see which trip the charge was for.
The site allows people to find reservation details by searching their last name and the last four digits of their credit card. When Hunt keyed in his information, he found his hotel booking for an upcoming trip to Vermont.
But he also found bookings for people named Hunt in Oklahoma and Massachusetts, complete with their home addresses, phone numbers and emails, as well as credit card expiry dates.
Read more on The Toronto Star and see what you think of the firm’s response to the customer.
[From the article:
“It’s scary,” said Hunt, a Markham elementary school teacher. “You can see where someone lives and when they’ll be out of town. It’s like an invitation.”
He’d used an American Express credit card, which often end in numbers between 1001 and 1009. Typing those numbers alongside common names like Smith, he was able to find scores of strangers’ personal information.
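As an added illustration (not code from the article, from Kayak, or from the blog), the snippet below puts the lookup scheme the story describes, surname plus last four card digits, beside a lookup keyed on a per-booking random reference; the booking store, names and e-mail addresses are constructed for the example.

```python
import hmac
import math
import secrets

# Constructed sample store: two different customers share the surname "Hunt"
# and the same last four card digits. All values are made up.
BOOKINGS = {
    "b1": {"last_name": "Hunt", "card_last4": "1005",
           "email": "k.hunt@example.com", "dest": "Vermont"},
    "b2": {"last_name": "Hunt", "card_last4": "1005",
           "email": "j.hunt@example.com", "dest": "Oklahoma"},
    "b3": {"last_name": "Smith", "card_last4": "1003",
           "email": "a.smith@example.com", "dest": "Boston"},
}


def weak_lookup(last_name, card_last4):
    """Lookup keyed on surname + last four digits, as in the story.
    The key is not unique, so one match returns every customer who shares it."""
    return [bid for bid, b in BOOKINGS.items()
            if b["last_name"].lower() == last_name.lower()
            and b["card_last4"] == card_last4]


# Hardened variant: each booking gets its own random reference, assumed to be
# delivered only to the e-mail address on the booking (out of band).
REFERENCES = {bid: secrets.token_urlsafe(16) for bid in BOOKINGS}


def issue_reference(booking_id):
    """Return the secret reference for a booking (what the confirmation e-mail carries)."""
    return REFERENCES[booking_id]


def hardened_lookup(reference, email):
    """Return the single booking whose secret reference matches, and only if the
    e-mail on file matches too. Constant-time compare avoids leaking how much
    of a reference matched."""
    for bid, ref in REFERENCES.items():
        if (hmac.compare_digest(ref.encode(), reference.encode())
                and BOOKINGS[bid]["email"].lower() == email.lower()):
            return bid
    return None


def search_space_bits(scheme):
    """Bits of secret a stranger must guess once a surname is known."""
    if scheme == "weak":
        return math.log2(10 ** 4)   # four decimal digits; the surname is not secret
    return 16 * 8                   # 16 random bytes in the reference
```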


Leave this to the Pros (my Ethical Hackers)
Hacked companies fight back with controversial steps
June 17, 2012 by admin
Joseph Menn of Reuters reports that some U.S. firms are fighting back against hackers in unorthodox – if not downright illegal – ways:
“Not only do we put out the fire, but we also look for the arsonist,” said Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new cyber security company CrowdStrike, which aims to provide clients with a menu of active responses.
Once a company detects a network breach, rather than expel the intruder immediately, it can waste the hacker’s time and resources by appearing to grant access to tempting material that proves impossible to extract. Companies can also allow intruders to make off with bogus files or “beacons” that reveal information about the thieves’ own machines, experts say.
Henry and CrowdStrike co-founder Dmitri Alperovich do not recommend that companies try to breach their opponent’s computers, but they say the private sector does need to fight back more boldly against cyber espionage.
Read more on Reuters.
[From the article:
It is commonplace for law firms to have their emails read during negotiations for ventures in China, Alperovich told the Reuters Global Media and Technology Summit. That has given the other side tremendous leverage because they know the Western client company's strategy, including the most they would be willing to pay for a certain stake.
But if a company knows its lawyers will be hacked, it can plant false information and get the upper hand.
… Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage.
"There is no business case for it and no possible positive outcome," said John Pescatore, a National Security Agency and Secret Service veteran who leads research firm Gartner's Internet security practice.
… Because some national governments are suspected in attacks on private Western companies, it is natural that some of the victims want to join their own governments to fight back.
"It's time to have the debate about what the actions would be for the private sector," former NSA director Kenneth Minihan said at the RSA security conference held earlier this year in San Francisco.
In April, Department of Homeland Security Secretary Janet Napolitano told the San Jose Mercury News that officials had been contemplating authorizing even "proactive" private-entity attacks, although there has been little follow-up comment.


Of course demand was up...
"Governments are sticking their noses into Google's servers more than ever before. In the second half of 2011, Google received 6,321 requests that it hand over its users' private data to U.S. government agencies including law enforcement, and complied at least partially with those requests in 93% of cases, according to the latest update to the company's bi-annual Transparency Report. That's up from 5,950 requests in the first half of 2011, and marks a 37% increase in the number of requests over the same period the year before. Compared with the second half of 2009, the first time Google released the government request numbers, the latest figures represent a 76% spike. Data demands from foreign governments have increased even more quickly than those from the U.S., up to 11,936 in the second half of 2011 compared with 9,600 in the same period the year before, though Google was much less likely to comply with those non-U.S. government requests."


We've done it before...
"The BBC reports that the UK's Draft Communications Bill includes a provision which could be used to force the Royal Mail and other mail carriers to retain data on all physical mail passing through their networks. The law could be used to force carriers to maintain a database of any data written on the outside of an envelope or package which could be accessed by government bodies at will. Such data could include sender, recipient and type of mail (and, consequentially, the entire contents of a postcard). It would provide a physical analog of the recently proposed internet surveillance laws. The Home Office claims that it has no current plans to enforce the law." [Future plans are already in place Bob]


An interesting issue...
June 17, 2012
Article - Predicting Fair Use
Sag, Matthew, Predicting Fair Use (February 25, 2012). Ohio State Law Journal, Vol. 73:1 47-91 (2012); TRPC 2011; Loyola University Chicago School of Law Research Paper No. 2012-005. Available at SSRN
  • "Fair use is often criticized as unpredictable and doctrinally incoherent - a conclusion which necessarily implies that the copyright system is fundamentally broken. This article confronts that critique by systematically assessing the predictability of fair use outcomes in litigation. Concentrating on characteristics of the contested use that would be apparent to litigants pre-trial, this study tests a number of doctrinal assumptions, claims and intuitions that have not, until now, been subject to empirical scrutiny. This article presents new empirical evidence for the significance of transformative use in determining the outcomes of fair use cases. It also substantially undermines conceptions of the doctrine that are hostile to fair use claims by commercial entities and that would restrict limit the application of fair use as a subsidy or a redistributive tool favoring the politically and economically disadvantaged. Based on the available evidence, the fair use doctrine is more rational and consistent than is commonly assumed."


If not libraries, who else might jump on this business model?
June 17, 2012
LLRX.com - Should libraries start their own, more trustworthy Facebook?
Via LLRX.com: Should libraries start their own, more trustworthy Facebook? - David Rothman proposes that the time may be fast upon us for libraries — perhaps allied with academic institutions, newspapers and other local media — to start their own more trustworthy Facebook. His involvement with the Digital Public Library of America provides a reference point and support for the integral role that this new model of virtual connectivity and knowledge sharing can play moving forward.


Global Warming! Global Warming! Sorry Al...
Sorry Global Warming Alarmists, The Earth Is Cooling
Climate change itself is already in the process of definitively rebutting climate alarmists who think human use of fossil fuels is causing ultimately catastrophic global warming. That is because natural climate cycles have already turned from warming to cooling, global temperatures have already been declining for more than 10 years, and global temperatures will continue to decline for another two decades or more.
That is one of the most interesting conclusions to come out of the seventh International Climate Change Conference sponsored by the Heartland Institute, held last week in Chicago.


Un-censor the Internet!
While American internet users can quite happily watch Hulu, the fact that I live in the UK means I can’t. Likewise, BBC iPlayer is free for UK citizens; but if your physical location says America then you’re out of luck buddy. It’s a frustrating state of affairs, and we won’t stand for it! Neither will Tunlr.net: a new free service that aims to remove region restrictions the world over by way of some magic DNS trickery.


As my fishmonger says, “Here's something just for the halibut.”
There are numerous websites that let you be creative with paper. Adding to this list is Cube Creator, a site that provides you with a printable cube template that you can customize and print.
Similar tools: Printsgram and PaperCritters.
